Description:
Multiple vulnerabilities were reported in HPE Intelligent Management Center PLAT. A remote authenticated user can cause denial of service conditions on the target system. A remote user can execute arbitrary code on the target system.

A remote authenticated user can send specially crafted data to TCP port 8080 or 8443 to trigger an input validation flaw in the mibFileServlet servlet to rename arbitrary files and execute arbitrary code on the target system [CVE-2017-12554]. The code will run with System privileges.

A remote user can send specially crafted data to TCP port 8080 or 8443 to trigger a deserialization flaw in MibBrowserTopoFilterServlet to execute arbitrary code on the target system [CVE-2017-12556]. The code will run with System privileges.

A remote user can send specially crafted data to TCP port 8080 or 8443 to trigger a deserialization flaw in WebDMDebugServlet to execute arbitrary code on the target system [CVE-2017-12557]. The code will run with System privileges.

A remote user can send specially crafted data to TCP port 8080 or 8443 to trigger a deserialization flaw in WebDMServlet to execute arbitrary code on the target system [CVE-2017-12558]. The code will run with System privileges.

A remote authenticated user can send specially crafted data to TCP port 8080 or 8443 to trigger an input validation flaw in the mibFileServlet servlet to delete arbitrary files on the target system [CVE-2017-12559].

A remote authenticated user can send specially crafted data to TCP port 8080 or 8443 to trigger an input validation flaw in the mibFileServlet servlet to delete arbitrary directories on the target system [CVE-2017-12560].

A remote authenticated user can send specially crafted data to the dbman service on TCP port 2810 to trigger a use-after-free in the mibFileServlet servlet to delete arbitrary files on the target system [CVE-2017-12561].